Posted
by
CmdrTaco
on Tuesday January 11, 2005 @08:31AM
from the something-a-little-different dept.

Ant writes "Best SSIDs you have seen is the name of the new Broadband Reports' wireless security forum.
Funny ones listed that made me chuckle: WardriversOpenAP,
GET LOST,
HackedAP,
SecureAP (no WEP/WPA), TOP_SECRET, HPD-FieldOffice,
MiddleEarth, HoneyPot, mine, and people's full/last name." I think naming your network 'Default' or 'Linksys' should be a crime ;)

Up until two weeks ago, mine was the only SSID visible, Ok, so it's called 'home', but it's not broadcast, it's using wep and it's locked down by MAC address
last week default and sitecom appeared. Both with default router passwords, I guess someone in my neighborhood got broadband for christmas.
I feel like broadcasting my SSID and changing it to 'I'm at number 35, for god's sake please come over and speek to me about wireless network security!'

WEP is secure enough imho, and anyway, it's all my router supports and I'm not going to fork out for a new one just yet. In the meantime I change the keys weekly.
Sure a MAC address can be cloned, but it's not exactly something that your average script kiddie is going to do. Hell, if someone really wanted to see what I was up to they could just tempest my CRT.
It's about an apropriate level of security, and for me, MAC filtering, not broadcasting my SSID, and changing my WEP keys is enough.

I've picked up a "first/last name" and a "street address" from my kitchen. I thought the address thing was an interesting idea and the fellow had the good sense to enable WEP. (Not so w/ the guy who thought it was a good idea to use his name.)

Twice now, I have seen "linksys" as the SSID. Both times, I logged in remotely to their router because the the owners kept the default password. So I changed their SSID to "Yeasty Cunts" and then I booted and blocked them off their own network. I felt that doing this would teach them a little lesson in security. In both instances, the owners had a better SSID, enabled a new password and either WEP or WPA within a day or two. Mission accomplished

In the process committing a serious crime.

You don't have the right to decide how other people should manage their network. The fault here lies with the manufacturers for providing systems that require too much effort to secure.

Terrorising people into behaving in the way you think they should is despicable. Who made you King?

But, hacking their system and showing how vulnerable they are is not dictating how they should manage their network. I didn't force them to enable better security measures, they could have easily went back to their insecure method. What I did promote was to RTFM.

Which is exactly the sort of arrogant geek centric approach that has led to bad security.

The access points could have been designed to be secure without anyone ever needing to RTFM. Print the serial number of the device on the case of the box, u

Print the serial number of the device on the case of the box, use it as the default password

Uh huh. Can you say "tech support nightmare"? Not only that, it would mean you'd have to create one-off firmware for each and every unit. Every router I've ever used has a factory default password which gets used when you do a hardware reset, and for good reason: the drool monkeys who can't set the clock on their VCR are buying network gear and trying to make it work. The clueless tier 1 tech support goobers need to have a SIMPLE idiot-proof script they can read to the drool monkeys to get them back up and running when they inevitably dork things up.

Remember we're talking about the kind of end-users who set their password to their kids birthday and STILL manage to forget it. Actually expecting them to accurately transcribe a 20 digit alphanumeric string off the box (which they probably threw away immediately, along with the manual) is asking a bit much, and getting them to read the RIGHT number off a sticker on the unit (which likely has a half-dozen different numbers on it)

Although lots of people are bashing it, I think default is actually quite a good name (assuming that the router isn't still in its completely default config!) Linksys is not so good as it gives away the manufacturer and allows an attacker to target the attacks. I do however think that default is a lot better than people using house or family names, as that identifies where the AP is. Even using mordor or middleearth or similar can give away your interests, and thus possibly who you are to someone who knows your street well... default is nice and unassuming.

I don't see how it is a problem to use a street address as an SSID. If somebody wants to figure out what house the AP is in, all it takes is a Pringles can (or less) and a couple dollars in parts. They can then look at the numbers on the front of the house, and they have the exact same information as before. I know what house every AP in my neighborhood belongs to, without even using directional antennas. I have spoken with their owners (was helping resolve interference problems in the neighborhood) and

Why are these two even in the same sentence? The Anarchist's Cookbook is legal to peruse and distribute. Most of the things you can learn from it can be used for shady purposes, but the information is still protected by the first ammendment...

Feel free to download all the bomb making material and kiddie porn you want while simultaneously running bittorrent, LimeWire, and Kazaa at the same time. You can always say "It was someone on my open access point, not me!", but you better have a well-encrypted drive.

And then explain to the judge that "yes, your honor, this drive is encrypted to the point the NSA can't break in, but no, I'm too stupid to enable WEP, and no, I just can't remember the pass-phrase for the drive".

is "linksys". From that point, I know that the AP is unsecured, and has a default admin password.
I visit a cafe a lot in my town, and they have wireless internet that you have to PAY for, and it's like $20/hour, which is ridiculous to pay that much for wireless internet access. But what's more amusing is that it's unencrypted AND still has the default password to the admin console. I feel sorry for anyone who's paying that $20 to surf the web there.

I dunno. At my house, I haven't changed my SSID, don't see the point since it's the only WAP for half a mile at least, but I've got all the encryption turned on, a good password, MAC filtering with only one wireless card allowed, AND you have to go through an authenticated proxy (the address of which is not advertised in any way) to get out on ports 80 or 443.

I can't speak for many others but my SSID is "KeepDrivingAsshole" - I've also seen one in my wardriving travels called, "LeaveMeAlone". Apparently somebody had already had a bit of fun with his network, eh?

my friend and i were at a summer camp where we werent supposed to have internet access, but we plugged in a WAP we brought and set the SSID to "drewisawanker"drew was the name of his RAthe next day we saw 3 RA's walking through the hallway trying to triangulate the location of the WAPcrazy kids we were!

Already done on the Netstumbler forums [netstumbler.org].
Personally, I like "You have been hacked fool!". Worst I've personally seen was an address (nnn Afton Valley Ct). Best was "LandOfChocolate". Check them out at Wigle [wigle.net].

I have to wonder about that. I can't pick up my access point more than 20 feet from my house with my laptop... where are you guys living that you're vulnerable to war drivers? They'd practically have to park on my front lawn to reach mine (it has WEP turned on though). I guess you could use a high gain antenna, but who would go to all that trouble to get access to some guy's access point when you can just get your own DSL?

My WAP is connected to an 'untrusted' interface on my firewall, such that users can access the web and DNS only. The SSID is, with "addr" replaced with my street address, "come_4_beer_at_addr". Haven't had any takers, yet.:)

Using your name actually may turn out to be a good thing if your network is insecure. Somebody in my apartment complex had a wide-open network with the SSID being their name. I was able to track them down by that in order to tell them they should secure it.

Leaving the SSID default or Linksys, is just so... unimaginitive. Setting the SSID to Belkin when it is actually a Cisco is so much better. What is even better for corporations is to include their corporate name, division name, group name, floor number, and a contact phone number; all using only 32 characters.

I set up one for a buddy of mine with this SSID. His building is right next to a post office, so it adds credibility. It's hilarious to watch people come in and see "do you want to connect to noconnect-federaloffense?" One literally jumped back from his laptop.

My home AP is named "FuckOff". It's secured (to the extent that an AP *can* be secured) well enough.

My neighbor INSISTS on leaving his WRT54G unsecured. I change it whenever I'm bored (I've also connected to the LAN, and then to one of his shared printers and printed out some "interesting" photos). I'll name his AP stuff like "pimpwifi" "secureme" "hellomike", etc. Nothing too interesting really.

I used to name my phone that way in bluetooth.A lot of people actually were wondering what was wrong with their cellphones, when they explored their bluetooth-neighbourhood (or got a bluetooth message from me)...

Once wardriving in a train (or is that 'wartraining' ? wartraindriving? I was just the passenger) I found one with a domain name in the SSID. I made a remark about it on my homepage, with a link to the overview of access points found [idefix.net] and to the found webserver of that domain.

He linked back to my site a few days later, finding it funny. (I won't link directly to his webserver now, to avoid a slashdotting to a site most of you can't read since it's in Dutch)

Turning off the SSID is a great step towards keeping the wardrivers away, but if you have a neighbor that wants to get on that network, it won't stop them. The SSID, unfortunately, is still broadcast in the association frames even if beacon frames are disabled. A dedicated attacker is going to get in, so best use something other then just WEP with MAC filtering and beacon frames disabled.

SSIDs listing the geographic location of the AP are a good idea in my opinion. If you know there's an AP at 185th and Birchwood from a cursory glance, you either use a non-interfering frequency or make sure the directional antenna is not throwing garbage that way. Company information is much more useful though. "WmDavis Rsrch AP01" lets me look in the phone book and find "William Davis Research" to yell at them. Troubleshooting an intermittant PTP link in Seattle, I discovered someone claiming to be on a pa

Wardrivers are WelcomeGo Big Girl ProductionsAir EggrollRebels Rule (In a dormitory at school, our rival school is the Rebels)Sniper's DenBig Daddy'sPenguin Army of DoomwirelesslandWhat?cute-little-networkpi mpbot9000

During a trip last year on the Acela [amtrak.com] I ran NetStumbler for a couple of hours as we cruised toward Washington DC and was able to find hundreds of access points. Here are a couple of the interesting SSID's from the log:

KeepDemBussesRollin (passing a state DOT building)

Don't mooch off my shit

testing-testing-testing

It was also common to use what looked like a business name or the a person's first name ("lisa") as the SSID. Some AP's had random alphanumerics or what was obviously an attempt at a password for the SSID.

I also did a very basic analysis of some of the interesting things I discovered, such as...

Most AP's were advertising 11Mbit speed but about 16% advertised higher speeds. I'm not sure if the higher speeds were "a" networks, "g" networks or both. My laptop had an a/b wireless card.

1/3 of the AP's detected were using what was obviously their vendor's default SSID (i.e. "Linksys" "default" "NETGEAR")

>60% of all AP's detected were not running WEP of any kind, but more than half of the Cisco AP's had WEP enabled (probably because end-users generally don't run Cisco stuff).

Vendor breakdown (no they don't add up to 100%)

Linksys 38%

Cisco 17%

NetGear 11%

D-Link 6%

Symbol 4%

Apple 2%

Microsoft 2%

Proxim/Agere/Orinoco 2%

Belkin 1.5%

BreezeNet 1.5%

... and a bunch of others that only appeared once or twice like Addtron, Sercomm,Gemtek, Z-Com, etc.

The sample size for this was about 250 AP's during the outbound trip. On the return trip I ran NetStumbler for a lerger portion of the ride and recorded over 1000 AP's (some of which were duplicates of course) but I haven't taken the time to anlyze this larger data set yet.

I didn't try to connect to any of the AP's... most of them would come and go within a few seconds anyway.:)

I was sitting in a car in a residential neighborhood Palo Alto, looking for a wireless AP to read me email. Someone's AP was labeled with their street address, which made it easy to drive up in front of their house for better reception.

I accidentaly renamed a neighbors unprotected network, thinking I was renaming my own. When I realized my mistake, I wanted to rename it back but I couldnt remember the exact spelling of the name they had used. So, I renamed it "oops". That was 6 months ago, and the "oops" network is still around. I wonder if they are continuing to use it under the new name I gave it...

I have mine set to one of my e-mail addresses. Or at least I did until I set up an AirPort base station as a second base. The Linksys software didn't care, but apparently there's a spec that says "@" isn't allowed in an SSID, and someone at Apple actually read it. Still, as far as I know, nobody's sent me e-mail because of it.

So now it's my e-mail address with @ changed to " at ". And my WEP-40 key is posted in a prominent spot in my living room, because the house is wired for Ethernet, and anyone who

Acquintance of mine has a SSID "Blew me for helping with WLAN" (In Finnish though, "Imutti WLAN-avusta", I think) in his neighbourhood.
He's been looking out through his window since the discovery at his neighbours lately trying to figure out which woman it is, always willing to help out.